﻿using System;
using System.Security.Cryptography;
using System.Web.Configuration;
using System.Web.Security;

namespace BoardPACDAO.Auth
{
    public class CustomMembershipProvider : SqlMembershipProvider
    {
        private string connectionString;
        public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
        {
            //configuration collection.
            string connectionStringName = config["connectionStringName"];
            base.Initialize(name, config);
            if (PasswordFormat != MembershipPasswordFormat.Hashed)
            {
                throw new NotSupportedException("You can only use this provider with hashed passwords.");
            }
            connectionString = WebConfigurationManager.ConnectionStrings["CustomConnectionString"].ConnectionString;
        }

        public override string ResetPassword(string username, string passwordAnswer)
        {
            string newPassword = base.ResetPassword(username, passwordAnswer);
            //No recovery logic at this point
            InsertHistoryRow(username, newPassword);
            return newPassword;
        }

        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            MembershipUser mu;
            mu = base.CreateUser(username, password, email, passwordQuestion, passwordAnswer,
                                         isApproved, providerUserKey, out status);

            if (status != MembershipCreateStatus.Success)
            {
                return mu;
            }

            //Only insert the password row if the user was created
            try
            {
                InsertHistoryRow(username, password);
                return mu;
            }
            catch (Exception ex)
            {
                //Attempt to cleanup after a creation failure
                base.DeleteUser(username, true);
                status = MembershipCreateStatus.ProviderError;
                return null;
            }
        }
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            if (PasswordUsedBefore(username, newPassword))
            {
                return false;
            }
            bool result = base.ChangePassword(username, oldPassword, newPassword);

            if (result == false)
            {
                return result;
            }

            //Only insert the password row if the password was changed
            try
            {
                InsertHistoryRow(username, newPassword);
                return true;
            }
            catch (Exception ex)
            {
                //Attempt to cleanup after a failure to log the new password
                base.ChangePassword(username, newPassword, oldPassword);
                return false;
            }
        }

        //Private methods that provide most of the functionality
        private byte[] GetRandomSaltValue()
        {
            using (RNGCryptoServiceProvider rcsp = new RNGCryptoServiceProvider())
            {
                byte[] bSalt = new byte[16];
                rcsp.GetBytes(bSalt);
                return bSalt;
            }
        }
        private void InsertHistoryRow(string username, string password)
        {
            try
            {

            }
            catch (Exception)
            {
                throw;
            }

        }
        private bool PasswordUsedBefore(string username, string password)
        {
            return true;
        }
    }
}